CCPA – California Consumer Privacy Act. What is it and does it apply to your business?

What is the CCPA?

The California Consumer Protection Act (CCPA) is a privacy law passed by the state of California in 2018 to control how businesses all over the world acquire, use, and exchange personal information about California consumers. If you have customers in California, you must be aware of the CCPA and follow its requirements, regardless of where you are situated or operate. When collecting personal information for employment, recruitment, or contracting purposes, covered employers must give notice to workers, job candidates, and independent contractors. Employers are prohibited from using the personal information they obtain for any reason not stated in the notice. For qualifying businesses, it is important to follow the laws and be prepared in advance, rather than facing penalties and consequences. 

Does the CCPA apply to your business?

The CCPA applies to for-profit businesses operating in California that meet one or more of the following criteria:

• Annual gross income of more than $25 million.
• Purchase, receive, or sell the personal information of at least 50,000 Californians, households, or devices.
• Sell personal information about California people for 50% or more of their annual revenue. If you are a company with these potential thresholds, then this consumer privacy interactive tool is a great recourse designed for you! Click the link to further determine your company’s compliance. https://www.oag.ca.gov/consumer-privacy-tool

What does the CCPA protect?

California residents are protected under the CCPA against third-party transactions or disclosures of their personal information.

Consumers in California have the following privacy protections under the CCPA:

• The right to know what personal information a company collects about them and how that information is used and shared.
• To have their personal information that has been collected, expunged, to refuse to have their personal information sold to third parties.
• Nondiscrimination in the exercise of their CCPA rights.

Given the CCPA’s extent and complexity, compliance is more complicated than just providing a template and completing a one-hour training for employees in relation to consumer and employee data. As an employer, Maintaining CCPA Compliance and staying away from Penalization of CCPA Noncompliance is extremely important for your business. 

Below are brief recommendations for both influential topics:

Maintaining CCPA Compliance

• In your website’s privacy policy, include a quick overview of consumers’ rights. Give them information on how and where to exercise their rights.
• Update the list of personal information you are collecting, selling, or disclosing in your privacy policy on a regular basis.
• Before or during data collection, let your users know what personal information you are gathering and why.
• Provide a ‘Do not sell my personal information’ link on the page where you are collecting personal data, allowing users to opt out of third-party data sales.
• If you are collecting data on children under the age of 13, you will need permission from a parent or legal guardian.
• Before selling personal information collected from minors under the age of 16, you must have their explicit consent.

Penalties of CCPA Noncompliance

• Intentional violation costs $7,500.
• Unintentional violation costs $2,500.
• Civil action suits a consumer’s unencrypted sensitive personal information is exposed because of a data breach.

Conclusion

Emplicity is determined to provide help and guidance in navigating the CCPA guidelines through providing information and tools. Though we are not liable for a failure of compliance, it is important that as a business you are informed and aware of the mandate.